Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers

Adding documentation to that fact as well. Fixes #17070 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17074)
2025-01-18 13:44:20 +08:00 · 2021-11-19 13:18:34 +01:00 · 2021-11-19 13:18:34 +01:00 · db65eabefe
commit db65eabefe
parent 2595eef82c
2 changed files with 11 additions and 0 deletions
--- a/crypto/param_build.c
+++ b/crypto/param_build.c
@ -204,6 +204,12 @@ int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
    OSSL_PARAM_BLD_DEF *pd;

    if (bn != NULL) {
+        if (BN_is_negative(bn)) {
+            ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
+                           "Negative big numbers are unsupported for OSSL_PARAM");
+            return 0;
+        }
+
        n = BN_num_bytes(bn);
        if (n < 0) {
            ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER);
--- a/doc/man3/OSSL_PARAM_BLD.pod
+++ b/doc/man3/OSSL_PARAM_BLD.pod
@ -124,6 +124,11 @@ on error.
 All of the OSSL_PARAM_BLD_push_TYPE functions return 1 on success and 0
 on error.

+=head1 NOTES
+
+OSSL_PARAM_BLD_push_BN() and OSSL_PARAM_BLD_push_BN_pad() currently only
+support nonnegative B<BIGNUM>s.  They return an error on negative B<BIGNUM>s.
+
 =head1 EXAMPLES

 Both examples creating an OSSL_PARAM array that contains an RSA key.